Running Bitdefender As A Standard User

I have recently switched to Bitdefender AV from two different competing products (one on my desktop and a different one on my laptop). As a basic security precaution, I always run my windows user as a standard user and not as an administrator.


Bitdefender is lacking some usability features that make running as a standard user somewhat painful. Firstly, if an infection is found and the user does not have access rights to this file, it will not be cleaned. This is a real deal-breaker. It should run in elevated mode and have the capability to remove/heal/clean everything on the hard drive. One needs to log off and then log in to the administrator account to be able to complete any disinfection. Other products handle this much better than Bitdefender.


Secondly, alerts cannot be cleared by a standard user. Again, one needs to log out and then login as the administrator in order to dismiss the alerts (which can frequently be as trivial as a "install the windows updates" type of alert). While not critical like the disinfection issue, it's a heavy usability penalty.


I would recommend that you investigate making the standard user experience a little easier.

Comments

  • I have recently switched to Bitdefender AV from two different competing products (one on my desktop and a different one on my laptop). As a basic security precaution, I always run my windows user as a standard user and not as an administrator.


    Bitdefender is lacking some usability features that make running as a standard user somewhat painful. Firstly, if an infection is found and the user does not have access rights to this file, it will not be cleaned. This is a real deal-breaker. It should run in elevated mode and have the capability to remove/heal/clean everything on the hard drive. One needs to log off and then log in to the administrator account to be able to complete any disinfection. Other products handle this much better than Bitdefender.


    Secondly, alerts cannot be cleared by a standard user. Again, one needs to log out and then login as the administrator in order to dismiss the alerts (which can frequently be as trivial as a "install the windows updates" type of alert). While not critical like the disinfection issue, it's a heavy usability penalty.


    I would recommend that you investigate making the standard user experience a little easier.


    I like bitdefender approach here. I do not wan't any other user than me, to do something with antivirus software. The malware should be cleaned in autopilot mode even on standard account.


    About security: there is no need to use computer as a standard user, since there is active UAC in Windows (Vista, 7, 8). Until you won't see UAC alert, you can do in system as much, as a standard user. Check UAC settings to be sure. I think you are still mentally in the Winows XP :) Read about UAC and make your life easier. Have a good time.

  • I like bitdefender approach here. I do not wan't any other user than me, to do something with antivirus software. The malware should be cleaned in autopilot mode even on standard account.


    About security: there is no need to use computer as a standard user, since there is active UAC in Windows (Vista, 7, 8). Until you won't see UAC alert, you can do in system as much, as a standard user. Check UAC settings to be sure. I think you are still mentally in the Winows XP :) Read about UAC and make your life easier. Have a good time.


    I'm afraid you're misinformed. I didn't ask for a lecture on UAC. I'm a security professional and am quite aware of how UAC works. Nonetheless, the administrator is a privileged user and inherently able to do things that a standard user cannot do. An administrator account with UAC is not the same as a standard user account and additionally, malware has been known to bypass UAC controls.


    Would you like a concrete example?


    From arstechnica


    At a non-elevated admin prompt simply execute:


    reg add "HKCU\Software\Microsoft\Command Processor" /v AutoRun /d "regedit" /f


    Then, sometime later, when you run an elevated command prompt for some other reason, notice that regedit pops up out of the blue.


    Feel free to replace "regedit" with the name of the silent rootkit installer your malware downloaded in a perfectly non-elevated fashion.


    Now try the same with a standard user account and see what happens. The regedit payload in this case only runs in the elevated prompt, with elevated privileges and without any UAC window popping up and asking for permission. The point is that if malware runs in a protected admin account, there are ways for it to get elevated privileges without triggering any UAC prompts. As just demonstrated. And so your sense of security from UAC is a false sense of security.


    So, without intending this to become a debate on the relative merits of a standard user account, my request to the developers remains. Please make this software easier to use in a standard account as per my first post.

  • One needs to log off and then log in to the administrator account to be able to complete any disinfection. Other products handle this much better than Bitdefender.


    Secondly, alerts cannot be cleared by a standard user. Again, one needs to log out and then login as the administrator in order to dismiss the alerts (which can frequently be as trivial as a "install the windows updates" type of alert). While not critical like the disinfection issue, it's a heavy usability penalty.


    I would recommend that you investigate making the standard user experience a little easier.


    I'm running Windows 8 as a standard user.


    If I need to do something with my BD Antivirus, I right click on the BD AV icon and log in as the admin, like I do with Auslogics, Glary Utilities, Wise Care 365, etc...


    No problems.